PCI Johannesburg
"Safeguarding the Sub-Saharan payment card industry"
27th January 2009
Hyatt Regency Hotel, Johannesburg

Event Agenda
08:00--08:55 Registration: Coffee and Tea Provided
09:00--09:45 Session 1: Setting the scene - Card Fraud and Data Compromises
   “Detection, Prevention & Investigation”
An overview of the South African Banking Risk Information Centre (SABRIC). Card Fraud Trends and Tendencies in South Africa and linking Crime Risk Information  - Speaker: Arno Viljoen, Senior Manager Crime & Risk Information, South African Bank Risk Information Center SABRIC 

"Data Security The Industry’s Challenge"
This presentation will provide an overview of Payment Data Vulnerability, Costs Incurred from Payment Data Loss and What Merchants and Service Providers Can Do to Protect Their Customers and Themselves - Speaker: Charles Niehaus, General Manager, South Africa and sub-Saharan Africa, Visa CEMEA 

“Forensics Update: Trends in Payment Card Compromise”
A global perspective on cardholder data compromises amassed from Trustwave's work in digital forensics and incident response. Based on 440 compromise investigations, this presentation will cover what types of organisations are falling victim to compromise, how cardholder data is compromised, including common hacking methods, and an overview of trends expected to develop in the coming years.
- Speaker: Riaan Versfeld, Managing Director EMEA, Trustwave
09:45--10:20

Education Seminars (concurrent, choose one)

 “PCI-DSS Background and Consequences of non-compliance”
- Speaker: Rohit Tripathy, Director, Control Case
“Achieving and Maintaining Payment Card Industry (PCI) Compliance” - Speaker: Guy Denton, Global Security Solution Manager, IBM ISS
10:20--10:50 Coffee and Networking Break
10:50--11:50 Session 2: The wider impact - Methods and effects of data leakage, lessons from a South-African retailer
   “OVERSIGHT OF THE PAYMENT SYSTEM”
This presentation will include a high-level view of the oversight/risk management of the South African National Payment System with reference to cards, including the scope of oversight, the legal foundation of oversight, the oversight process, institutions and risks in the card payment system. - Speaker: Johann Bence, Head of Oversight - National Payment System Department, South African Reserve Bank

"EDCON: What you should know about implementing the payment card industry's Data Security Standard (DSS)"
There has been much confusion regarding PCI, particularly as applied to South African card processors and in particular retailers, sometimes resulting in three versions of the truth available from the PCI SSC, credit card companies and South African acquiring banks. This session will provide a view on how Edcon chose to resolve the confusion and attested to PCI compliance. - Speaker: Ritasha Jethva, Manager, Edcon Information Security Office (c/o Deloitte Enterprise Risk Services)

"Protection of Personal Information of Consumers"
Definition of Personal Information, Compliance with Data Protection Legislation in South Africa, Data Protection Principles pertaining to Collection and Disclosure of Personal Information, Establishing Data Protection Policies and Procedures within your Institution, Case Studies and Best Practices  - Speaker: Pria Chetty, Founder, Chetty Law 
11:50--12:25

Education Seminars (concurrent, choose one)

 “Lessons from a QSA Trainer; Real Life Tips for Addressing PCI DSS”

QSA Trainer Chris Mark will discuss some of the most common areas where companies struggle with PCI Compliance and talk about strategies for achieving compliance in an efficient and cost effective manner.  Specifically the following topics will be covered:
- Speaker: Chris A Mark, Director, Society of Payment Security Professionals
“The PCI DSS/PA DSS compliance programme”

This seminar will cover the Validation requirements for Merchants, Service providers and banks along with an outline of Deadline/Mandates for Merchants, Service providers and banks  - Speaker: Mani Tulasi, CISSP Account Information Security Manager, Visa CEMEA (UK)
12:25--13:15

LUNCH and Networking Break

13:20--14:00 Session 3: PCI Implementation - Case Studies, Challenges, Tips & Tricks
  

“PCI DSS Challenges & Lessons learned”
MSCC presents the key PCI DSS challenges and lessons learned in implementing PCI DSS, whilst helping clarify how outsourcing payment processing can simplify your PCI compliance project. Issues covered in this presentation include: understanding the compliance process; scoping challenges; protecting stored cardholder data; developing and maintaining secure systems and applications; the logging trap; keeping live systems up and running; involving business owners and building awareness; understanding the business flow as well as the IT security dimensions; and how outsourcing services enable PCI DSS compliance. - Speaker: Hany Fawzy, Head of IT, Mediterranean Smart Cards Company (MSCC)

"Cost effective solutions for PCI DSS compliance"
This presentation will focus on cost effective ways for organisations to achieve PCI DSS compliance without having to invest unnecessarily in infrastructure or human resources. Examples will be provided of processes, methodologies and product selection which can mitigate the financial pain of compliance. - Speaker: Michael Wilson, Operations Manager, eCentric Switch

14:05--14:40 Education Seminars (concurrent, choose one)
 “Lessons from a QSA Trainer; Real Life Tips for Addressing PCI DSS”

QSA Trainer Chris Mark will discuss some of the most common areas where companies struggle with PCI Compliance and talk about strategies for achieving compliance in an efficient and cost effective manner.  Specifically the following topics will be covered:
- Speaker: Chris A Mark, Director, Society of Payment Security Professionals
“The PCI DSS/PA DSS compliance programme”

This seminar will cover the Validation requirements for Merchants, Service providers and banks along with an outline of Deadline/Mandates for Merchants, Service providers and banks  - Speaker: Mani Tulasi, CISSP Account Information Security Manager, Visa CEMEA (UK)
14:45--15:20 Coffee and Networking Break
15:25--16:00 Education Seminars (concurrent, choose one)
 “How to develop a PCI Security Strategy” - Speaker: Guy Denton, Global Security Solution Manager, IBM ISS
 "Gaining Consumer Trust Through the Use of EV SSL Certificates" - Speaker: Riaan Versfeld, Managing Director EMEA, Trustwave
16:05--16:45 Session 4: Sustaining Compliance - Good Governance, Risk Management & Best
 "Reaching PCI DSS Compliancy, the aftermath…how to sustain compliance"
Achieving excellence is easy, but maintaining higher levels of performance over a length of time involves awareness, discipline and motivation, as demonstrated countless times by top performing athletes. The same applies to reaching and maintaining PCI DSS Compliance. Whilst compliance is often seen as a necessity, organisations can save time, money, and resources by planning for sustained compliance and adopting sound corporate governance models. This presentation will demonstrate a high level governance and compliance model with the corresponding processes in order to not only maintain compliance with PCI but also be prepared to adapt to future regulations and standards. - Speaker: Guno Pocorni, Associate Director, International Assurance Providers


"Governance, Risk Management and Ethical Conduct"
Governance: South African and international governance standards, with particular emphasis on the Harvard Business School's Global Business Standards Codex on Governance, comprising 8 Principles of Governance. Risk Management: Identification of fraud risks utilising scenario planning. Ethical Conduct: Defining the ethical landscape within the organisation; developing a code of ethics for the organisation. - Speaker: Patrick Cunningham, Executive Director, South Africa Fraud Prevention Services (SAFPS)
16:45--17:15 Round Table / Q&A
17:15--18:15 Cocktail Reception sponsored by International Assurance Providers
     


